**Shinsegae I&C Reports Data Breach Affecting 80,000 Employees and Subcontractors**
On December 26, Shinsegae I&C Inc., the IT subsidiary of South Korean retail conglomerate Shinsegae Group, disclosed a data breach impacting approximately 80,000 employees and subcontractor staff. The company confirmed that personal data—including corporate ID numbers, names, departments, and IP addresses—was compromised via its internal intranet system.
The breach was first detected on December 24, with Shinsegae I&C formally reporting the incident to the Korea Internet & Security Agency (KISA) on December 26. While the exact cause remains under investigation, the company indicated that a malware infection was likely responsible. No customer data was affected.
Shinsegae I&C has initiated an emergency inspection and implemented protective measures following the discovery. The retail giant, which operates high-profile brands such as E-Mart, Starbucks Korea, and Shinsegae Department Stores, has not yet provided further details on the malware’s origin or the extent of the breach’s impact. Investigations into the incident are ongoing.
Source: https://en.yna.co.kr/view/AEN20251226009600320
Shinsegae I&C Inc. TPRM report: https://www.rankiteo.com/company/shinsegae-i&c
Shinsegae Group TPRM report: https://www.rankiteo.com/company/shinsegae
"id": "shishi1766750345",
"linkid": "shinsegae-i&c, shinsegae",
"type": "Breach",
"date": "12/2025",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': '80,000 employees and '
'subcontractors',
'industry': 'Retail/Information Technology',
'location': 'South Korea',
'name': 'Shinsegae I&C Inc.',
'type': 'IT Services'}],
'attack_vector': 'Malware Infection',
'customer_advisories': 'No customer information was compromised',
'data_breach': {'number_of_records_exposed': '80,000',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Corporate ID numbers',
'Names',
'Departments',
'IP addresses']},
'date_detected': '2023-12-25',
'date_publicly_disclosed': '2023-12-26',
'description': 'Shinsegae I&C Inc., the IT arm of retail giant Shinsegae '
'Group, reported a data breach involving the personal data of '
'about 80,000 employees and subcontractors. No customer '
'information was compromised.',
'impact': {'data_compromised': 'Personal data of employees and subcontractors',
'identity_theft_risk': 'High',
'systems_affected': 'Internal intranet system'},
'investigation_status': 'Ongoing',
'references': [{'date_accessed': '2023-12-26',
'source': 'Yonhap News Agency'}],
'regulatory_compliance': {'regulatory_notifications': 'Reported to Korea '
'Internet & Security '
'Agency'},
'response': {'communication_strategy': 'Press notice',
'containment_measures': 'Emergency inspection and protective '
'measures',
'incident_response_plan_activated': 'Yes'},
'title': 'Shinsegae I&C Data Breach',
'type': 'Data Breach'}